aboutsummaryrefslogtreecommitdiff
path: root/vendor
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-05-11 10:36:54 -0400
committerGitHub <noreply@github.com>2021-05-11 10:36:54 -0400
commit8dcd5b893feb8b3b34386e6688d20b7ef098228b (patch)
treed8faac5bbd3c5dd91c0de0e94c5d9252c5485d0d /vendor
parent58915f2974c6f14ff2aa34004e7d581d1a05a148 (diff)
parentd71672c57b5e9e41cb526b290b8b3704232e814a (diff)
downloadpodman-8dcd5b893feb8b3b34386e6688d20b7ef098228b.tar.gz
podman-8dcd5b893feb8b3b34386e6688d20b7ef098228b.tar.bz2
podman-8dcd5b893feb8b3b34386e6688d20b7ef098228b.zip
Merge pull request #10304 from containers/dependabot/go_modules/github.com/opencontainers/runc-1.0.0-rc94
Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
Diffstat (limited to 'vendor')
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go28
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/cgroups/cgroups.go36
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/cgroups/fscommon/open.go35
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/cgroups/fscommon/utils.go48
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go26
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_linux.go6
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/configs/config.go12
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/configs/configs_fuzzer.go9
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/devices/device.go4
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/devices/device_unix.go107
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/devices/device_windows.go5
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/devices/devices.go112
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/system/linux.go49
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/system/unsupported.go27
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/system/userns_deprecated.go5
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/user/MAINTAINERS2
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/user/lookup.go41
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/user/lookup_unix.go20
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/user/lookup_windows.go40
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/user/user.go48
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/user/user_fuzzer.go42
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/userns/userns.go5
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/userns/userns_fuzzer.go15
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/userns/userns_linux.go37
-rw-r--r--vendor/github.com/opencontainers/runc/libcontainer/userns/userns_unsupported.go17
-rw-r--r--vendor/github.com/opencontainers/runtime-spec/specs-go/config.go13
-rw-r--r--vendor/github.com/opencontainers/runtime-spec/specs-go/state.go29
-rw-r--r--vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s1
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_arm64.s1
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_s390x.s1
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_x86.s1
-rw-r--r--vendor/golang.org/x/sys/unix/asm_aix_ppc64.s1
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_386.s1
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_amd64.s1
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_arm.s1
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_arm64.s1
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_mips64x.s1
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_mipsx.s1
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s1
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_riscv64.s4
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_s390x.s3
-rw-r--r--vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s1
-rw-r--r--vendor/golang.org/x/sys/unix/asm_solaris_amd64.s1
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_illumos.go51
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_linux.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux.go23
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_13.s1
-rw-r--r--vendor/golang.org/x/sys/unix/zsyscall_darwin_386.s1
-rw-r--r--vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s1
-rw-r--r--vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s1
-rw-r--r--vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.1_13.s1
-rw-r--r--vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.s1
-rw-r--r--vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s1
-rw-r--r--vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s1
-rw-r--r--vendor/golang.org/x/sys/unix/zsysnum_linux_386.go1
-rw-r--r--vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go1
-rw-r--r--vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go1
-rw-r--r--vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go1
-rw-r--r--vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go1
-rw-r--r--vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go1
-rw-r--r--vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go1
-rw-r--r--vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go1
-rw-r--r--vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go1
-rw-r--r--vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go1
-rw-r--r--vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go1
-rw-r--r--vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go1
-rw-r--r--vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go1
-rw-r--r--vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go1
-rw-r--r--vendor/golang.org/x/sys/unix/ztypes_illumos_amd64.go4
-rw-r--r--vendor/golang.org/x/sys/unix/ztypes_linux.go15
-rw-r--r--vendor/modules.txt7
72 files changed, 557 insertions, 412 deletions
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go
index 73965f12d..5da14fb3b 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go
@@ -1,27 +1,41 @@
package apparmor
import (
- "bytes"
+ "errors"
"fmt"
"io/ioutil"
"os"
+ "sync"
"github.com/opencontainers/runc/libcontainer/utils"
)
+var (
+ appArmorEnabled bool
+ checkAppArmor sync.Once
+)
+
// IsEnabled returns true if apparmor is enabled for the host.
func IsEnabled() bool {
- if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil {
- buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
- return err == nil && bytes.HasPrefix(buf, []byte("Y"))
- }
- return false
+ checkAppArmor.Do(func() {
+ if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil {
+ buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
+ appArmorEnabled = err == nil && len(buf) > 1 && buf[0] == 'Y'
+ }
+ })
+ return appArmorEnabled
}
func setProcAttr(attr, value string) error {
// Under AppArmor you can only change your own attr, so use /proc/self/
// instead of /proc/<tid>/ like libapparmor does
- f, err := os.OpenFile("/proc/self/attr/"+attr, os.O_WRONLY, 0)
+ attrPath := "/proc/self/attr/apparmor/" + attr
+ if _, err := os.Stat(attrPath); errors.Is(err, os.ErrNotExist) {
+ // fall back to the old convention
+ attrPath = "/proc/self/attr/" + attr
+ }
+
+ f, err := os.OpenFile(attrPath, os.O_WRONLY, 0)
if err != nil {
return err
}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/cgroups.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/cgroups.go
index a16a68e97..68a346ca5 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/cgroups.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/cgroups.go
@@ -7,37 +7,44 @@ import (
)
type Manager interface {
- // Applies cgroup configuration to the process with the specified pid
+ // Apply creates a cgroup, if not yet created, and adds a process
+ // with the specified pid into that cgroup. A special value of -1
+ // can be used to merely create a cgroup.
Apply(pid int) error
- // Returns the PIDs inside the cgroup set
+ // GetPids returns the PIDs of all processes inside the cgroup.
GetPids() ([]int, error)
- // Returns the PIDs inside the cgroup set & all sub-cgroups
+ // GetAllPids returns the PIDs of all processes inside the cgroup
+ // any all its sub-cgroups.
GetAllPids() ([]int, error)
- // Returns statistics for the cgroup set
+ // GetStats returns cgroups statistics.
GetStats() (*Stats, error)
- // Toggles the freezer cgroup according with specified state
+ // Freeze sets the freezer cgroup to the specified state.
Freeze(state configs.FreezerState) error
- // Destroys the cgroup set
+ // Destroy removes cgroup.
Destroy() error
// Path returns a cgroup path to the specified controller/subsystem.
// For cgroupv2, the argument is unused and can be empty.
Path(string) string
- // Sets the cgroup as configured.
- Set(container *configs.Config) error
+ // Set sets cgroup resources parameters/limits. If the argument is nil,
+ // the resources specified during Manager creation (or the previous call
+ // to Set) are used.
+ Set(r *configs.Resources) error
- // GetPaths returns cgroup path(s) to save in a state file in order to restore later.
+ // GetPaths returns cgroup path(s) to save in a state file in order to
+ // restore later.
//
- // For cgroup v1, a key is cgroup subsystem name, and the value is the path
- // to the cgroup for this subsystem.
+ // For cgroup v1, a key is cgroup subsystem name, and the value is the
+ // path to the cgroup for this subsystem.
//
- // For cgroup v2 unified hierarchy, a key is "", and the value is the unified path.
+ // For cgroup v2 unified hierarchy, a key is "", and the value is the
+ // unified path.
GetPaths() map[string]string
// GetCgroups returns the cgroup data as configured.
@@ -46,6 +53,9 @@ type Manager interface {
// GetFreezerState retrieves the current FreezerState of the cgroup.
GetFreezerState() (configs.FreezerState, error)
- // Whether the cgroup path exists or not
+ // Exists returns whether the cgroup path exists or not.
Exists() bool
+
+ // OOMKillCount reports OOM kill count for the cgroup.
+ OOMKillCount() (uint64, error)
}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fscommon/open.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fscommon/open.go
index 0a7e3d952..49af83b3c 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fscommon/open.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fscommon/open.go
@@ -5,7 +5,6 @@ import (
"strings"
"sync"
- securejoin "github.com/cyphar/filepath-securejoin"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
@@ -17,7 +16,7 @@ const (
)
var (
- // Set to true by fs unit tests
+ // TestMode is set to true by unit tests that need "fake" cgroupfs.
TestMode bool
cgroupFd int = -1
@@ -71,12 +70,12 @@ func OpenFile(dir, file string, flags int) (*os.File, error) {
flags |= os.O_TRUNC | os.O_CREATE
mode = 0o600
}
+ if prepareOpenat2() != nil {
+ return openFallback(dir, file, flags, mode)
+ }
reldir := strings.TrimPrefix(dir, cgroupfsPrefix)
if len(reldir) == len(dir) { // non-standard path, old system?
- return openWithSecureJoin(dir, file, flags, mode)
- }
- if prepareOpenat2() != nil {
- return openWithSecureJoin(dir, file, flags, mode)
+ return openFallback(dir, file, flags, mode)
}
relname := reldir + "/" + file
@@ -93,11 +92,29 @@ func OpenFile(dir, file string, flags int) (*os.File, error) {
return os.NewFile(uintptr(fd), cgroupfsPrefix+relname), nil
}
-func openWithSecureJoin(dir, file string, flags int, mode os.FileMode) (*os.File, error) {
- path, err := securejoin.SecureJoin(dir, file)
+var errNotCgroupfs = errors.New("not a cgroup file")
+
+// openFallback is used when openat2(2) is not available. It checks the opened
+// file is on cgroupfs, returning an error otherwise.
+func openFallback(dir, file string, flags int, mode os.FileMode) (*os.File, error) {
+ path := dir + "/" + file
+ fd, err := os.OpenFile(path, flags, mode)
if err != nil {
return nil, err
}
+ if TestMode {
+ return fd, nil
+ }
+ // Check this is a cgroupfs file.
+ var st unix.Statfs_t
+ if err := unix.Fstatfs(int(fd.Fd()), &st); err != nil {
+ _ = fd.Close()
+ return nil, &os.PathError{Op: "statfs", Path: path, Err: err}
+ }
+ if st.Type != unix.CGROUP_SUPER_MAGIC && st.Type != unix.CGROUP2_SUPER_MAGIC {
+ _ = fd.Close()
+ return nil, &os.PathError{Op: "open", Path: path, Err: errNotCgroupfs}
+ }
- return os.OpenFile(path, flags, mode)
+ return fd, nil
}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fscommon/utils.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fscommon/utils.go
index 2e4e837f2..db0caded1 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fscommon/utils.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fscommon/utils.go
@@ -35,22 +35,42 @@ func ParseUint(s string, base, bitSize int) (uint64, error) {
return value, nil
}
-// GetCgroupParamKeyValue parses a space-separated "name value" kind of cgroup
-// parameter and returns its components. For example, "io_service_bytes 1234"
-// will return as "io_service_bytes", 1234.
-func GetCgroupParamKeyValue(t string) (string, uint64, error) {
- parts := strings.Fields(t)
- switch len(parts) {
- case 2:
- value, err := ParseUint(parts[1], 10, 64)
- if err != nil {
- return "", 0, fmt.Errorf("unable to convert to uint64: %v", err)
- }
+// ParseKeyValue parses a space-separated "name value" kind of cgroup
+// parameter and returns its key as a string, and its value as uint64
+// (ParseUint is used to convert the value). For example,
+// "io_service_bytes 1234" will be returned as "io_service_bytes", 1234.
+func ParseKeyValue(t string) (string, uint64, error) {
+ parts := strings.SplitN(t, " ", 3)
+ if len(parts) != 2 {
+ return "", 0, fmt.Errorf("line %q is not in key value format", t)
+ }
- return parts[0], value, nil
- default:
- return "", 0, ErrNotValidFormat
+ value, err := ParseUint(parts[1], 10, 64)
+ if err != nil {
+ return "", 0, fmt.Errorf("unable to convert to uint64: %v", err)
}
+
+ return parts[0], value, nil
+}
+
+// GetValueByKey reads a key-value pairs from the specified cgroup file,
+// and returns a value of the specified key. ParseUint is used for value
+// conversion.
+func GetValueByKey(path, file, key string) (uint64, error) {
+ content, err := ReadFile(path, file)
+ if err != nil {
+ return 0, err
+ }
+
+ lines := strings.Split(string(content), "\n")
+ for _, line := range lines {
+ arr := strings.Split(line, " ")
+ if len(arr) == 2 && arr[0] == key {
+ return ParseUint(arr[1], 10, 64)
+ }
+ }
+
+ return 0, nil
}
// GetCgroupParamUint reads a single uint64 value from the specified cgroup file.
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
index 840817e39..35ce2c1c2 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
@@ -16,7 +16,7 @@ import (
"time"
"github.com/opencontainers/runc/libcontainer/cgroups/fscommon"
- "github.com/opencontainers/runc/libcontainer/system"
+ "github.com/opencontainers/runc/libcontainer/userns"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
)
@@ -37,7 +37,7 @@ func IsCgroup2UnifiedMode() bool {
var st unix.Statfs_t
err := unix.Statfs(unifiedMountpoint, &st)
if err != nil {
- if os.IsNotExist(err) && system.RunningInUserNS() {
+ if os.IsNotExist(err) && userns.RunningInUserNS() {
// ignore the "not found" error if running in userns
logrus.WithError(err).Debugf("%s missing, assuming cgroup v1", unifiedMountpoint)
isUnified = false
@@ -402,17 +402,6 @@ func WriteCgroupProc(dir string, pid int) error {
// Since the OCI spec is designed for cgroup v1, in some cases
// there is need to convert from the cgroup v1 configuration to cgroup v2
-// the formula for BlkIOWeight is y = (1 + (x - 10) * 9999 / 990)
-// convert linearly from [10-1000] to [1-10000]
-func ConvertBlkIOToCgroupV2Value(blkIoWeight uint16) uint64 {
- if blkIoWeight == 0 {
- return 0
- }
- return uint64(1 + (uint64(blkIoWeight)-10)*9999/990)
-}
-
-// Since the OCI spec is designed for cgroup v1, in some cases
-// there is need to convert from the cgroup v1 configuration to cgroup v2
// the formula for cpuShares is y = (1 + ((x - 2) * 9999) / 262142)
// convert from [2-262144] to [1-10000]
// 262144 comes from Linux kernel definition "#define MAX_SHARES (1UL << 18)"
@@ -450,3 +439,14 @@ func ConvertMemorySwapToCgroupV2Value(memorySwap, memory int64) (int64, error) {
return memorySwap - memory, nil
}
+
+// Since the OCI spec is designed for cgroup v1, in some cases
+// there is need to convert from the cgroup v1 configuration to cgroup v2
+// the formula for BlkIOWeight to IOWeight is y = (1 + (x - 10) * 9999 / 990)
+// convert linearly from [10-1000] to [1-10000]
+func ConvertBlkIOToIOWeightValue(blkIoWeight uint16) uint64 {
+ if blkIoWeight == 0 {
+ return 0
+ }
+ return uint64(1 + (uint64(blkIoWeight)-10)*9999/990)
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_linux.go
index aada5d62f..87d0da842 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_linux.go
@@ -54,12 +54,6 @@ type Resources struct {
// Total memory usage (memory + swap); set `-1` to enable unlimited swap
MemorySwap int64 `json:"memory_swap"`
- // Kernel memory limit (in bytes)
- KernelMemory int64 `json:"kernel_memory"`
-
- // Kernel memory limit for TCP use (in bytes)
- KernelMemoryTCP int64 `json:"kernel_memory_tcp"`
-
// CPU shares (relative weight vs. other containers)
CpuShares uint64 `json:"cpu_shares"`
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go
index e1cd16265..042ba1a2e 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go
@@ -222,25 +222,25 @@ const (
// the runtime environment has been created but before the pivot_root has been executed.
// CreateRuntime is called immediately after the deprecated Prestart hook.
// CreateRuntime commands are called in the Runtime Namespace.
- CreateRuntime = "createRuntime"
+ CreateRuntime HookName = "createRuntime"
// CreateContainer commands MUST be called as part of the create operation after
// the runtime environment has been created but before the pivot_root has been executed.
// CreateContainer commands are called in the Container namespace.
- CreateContainer = "createContainer"
+ CreateContainer HookName = "createContainer"
// StartContainer commands MUST be called as part of the start operation and before
// the container process is started.
// StartContainer commands are called in the Container namespace.
- StartContainer = "startContainer"
+ StartContainer HookName = "startContainer"
// Poststart commands are executed after the container init process starts.
// Poststart commands are called in the Runtime Namespace.
- Poststart = "poststart"
+ Poststart HookName = "poststart"
// Poststop commands are executed after the container init process exits.
// Poststop commands are called in the Runtime Namespace.
- Poststop = "poststop"
+ Poststop HookName = "poststop"
)
type Capabilities struct {
@@ -387,7 +387,7 @@ func (c Command) Run(s *specs.State) error {
return err
case <-timerCh:
cmd.Process.Kill()
- cmd.Wait()
+ <-errC
return fmt.Errorf("hook ran past specified timeout of %.1fs", c.Timeout.Seconds())
}
}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/configs_fuzzer.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/configs_fuzzer.go
new file mode 100644
index 000000000..93bf41c8d
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/configs_fuzzer.go
@@ -0,0 +1,9 @@
+// +build gofuzz
+
+package configs
+
+func FuzzUnmarshalJSON(data []byte) int {
+ hooks := Hooks{}
+ _ = hooks.UnmarshalJSON(data)
+ return 1
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/devices/device.go b/vendor/github.com/opencontainers/runc/libcontainer/devices/device.go
index 3eb73cc7c..c2c2b3bb7 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/devices/device.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/devices/device.go
@@ -168,3 +168,7 @@ func (d *Rule) CgroupString() string {
}
return fmt.Sprintf("%c %s:%s %s", d.Type, major, minor, d.Permissions)
}
+
+func (d *Rule) Mkdev() (uint64, error) {
+ return mkDev(d)
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/devices/device_unix.go b/vendor/github.com/opencontainers/runc/libcontainer/devices/device_unix.go
index a400341e4..acb816998 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/devices/device_unix.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/devices/device_unix.go
@@ -4,13 +4,118 @@ package devices
import (
"errors"
+ "io/ioutil"
+ "os"
+ "path/filepath"
"golang.org/x/sys/unix"
)
-func (d *Rule) Mkdev() (uint64, error) {
+var (
+ // ErrNotADevice denotes that a file is not a valid linux device.
+ ErrNotADevice = errors.New("not a device node")
+)
+
+// Testing dependencies
+var (
+ unixLstat = unix.Lstat
+ ioutilReadDir = ioutil.ReadDir
+)
+
+func mkDev(d *Rule) (uint64, error) {
if d.Major == Wildcard || d.Minor == Wildcard {
return 0, errors.New("cannot mkdev() device with wildcards")
}
return unix.Mkdev(uint32(d.Major), uint32(d.Minor)), nil
}
+
+// Given the path to a device and its cgroup_permissions(which cannot be easily queried) look up the
+// information about a linux device and return that information as a Device struct.
+func DeviceFromPath(path, permissions string) (*Device, error) {
+ var stat unix.Stat_t
+ err := unixLstat(path, &stat)
+ if err != nil {
+ return nil, err
+ }
+
+ var (
+ devType Type
+ mode = stat.Mode
+ devNumber = uint64(stat.Rdev)
+ major = unix.Major(devNumber)
+ minor = unix.Minor(devNumber)
+ )
+ switch mode & unix.S_IFMT {
+ case unix.S_IFBLK:
+ devType = BlockDevice
+ case unix.S_IFCHR:
+ devType = CharDevice
+ case unix.S_IFIFO:
+ devType = FifoDevice
+ default:
+ return nil, ErrNotADevice
+ }
+ return &Device{
+ Rule: Rule{
+ Type: devType,
+ Major: int64(major),
+ Minor: int64(minor),
+ Permissions: Permissions(permissions),
+ },
+ Path: path,
+ FileMode: os.FileMode(mode &^ unix.S_IFMT),
+ Uid: stat.Uid,
+ Gid: stat.Gid,
+ }, nil
+}
+
+// HostDevices returns all devices that can be found under /dev directory.
+func HostDevices() ([]*Device, error) {
+ return GetDevices("/dev")
+}
+
+// GetDevices recursively traverses a directory specified by path
+// and returns all devices found there.
+func GetDevices(path string) ([]*Device, error) {
+ files, err := ioutilReadDir(path)
+ if err != nil {
+ return nil, err
+ }
+ var out []*Device
+ for _, f := range files {
+ switch {
+ case f.IsDir():
+ switch f.Name() {
+ // ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825
+ // ".udev" added to address https://github.com/opencontainers/runc/issues/2093
+ case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts", ".udev":
+ continue
+ default:
+ sub, err := GetDevices(filepath.Join(path, f.Name()))
+ if err != nil {
+ return nil, err
+ }
+
+ out = append(out, sub...)
+ continue
+ }
+ case f.Name() == "console":
+ continue
+ }
+ device, err := DeviceFromPath(filepath.Join(path, f.Name()), "rwm")
+ if err != nil {
+ if err == ErrNotADevice {
+ continue
+ }
+ if os.IsNotExist(err) {
+ continue
+ }
+ return nil, err
+ }
+ if device.Type == FifoDevice {
+ continue
+ }
+ out = append(out, device)
+ }
+ return out, nil
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/devices/device_windows.go b/vendor/github.com/opencontainers/runc/libcontainer/devices/device_windows.go
deleted file mode 100644
index 8511bf00e..000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/devices/device_windows.go
+++ /dev/null
@@ -1,5 +0,0 @@
-package devices
-
-func (d *Rule) Mkdev() (uint64, error) {
- return 0, nil
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/devices/devices.go b/vendor/github.com/opencontainers/runc/libcontainer/devices/devices.go
deleted file mode 100644
index 5011f373d..000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/devices/devices.go
+++ /dev/null
@@ -1,112 +0,0 @@
-package devices
-
-import (
- "errors"
- "io/ioutil"
- "os"
- "path/filepath"
-
- "golang.org/x/sys/unix"
-)
-
-var (
- // ErrNotADevice denotes that a file is not a valid linux device.
- ErrNotADevice = errors.New("not a device node")
-)
-
-// Testing dependencies
-var (
- unixLstat = unix.Lstat
- ioutilReadDir = ioutil.ReadDir
-)
-
-// Given the path to a device and its cgroup_permissions(which cannot be easily queried) look up the
-// information about a linux device and return that information as a Device struct.
-func DeviceFromPath(path, permissions string) (*Device, error) {
- var stat unix.Stat_t
- err := unixLstat(path, &stat)
- if err != nil {
- return nil, err
- }
-
- var (
- devType Type
- mode = stat.Mode
- devNumber = uint64(stat.Rdev)
- major = unix.Major(devNumber)
- minor = unix.Minor(devNumber)
- )
- switch mode & unix.S_IFMT {
- case unix.S_IFBLK:
- devType = BlockDevice
- case unix.S_IFCHR:
- devType = CharDevice
- case unix.S_IFIFO:
- devType = FifoDevice
- default:
- return nil, ErrNotADevice
- }
- return &Device{
- Rule: Rule{
- Type: devType,
- Major: int64(major),
- Minor: int64(minor),
- Permissions: Permissions(permissions),
- },
- Path: path,
- FileMode: os.FileMode(mode),
- Uid: stat.Uid,
- Gid: stat.Gid,
- }, nil
-}
-
-// HostDevices returns all devices that can be found under /dev directory.
-func HostDevices() ([]*Device, error) {
- return GetDevices("/dev")
-}
-
-// GetDevices recursively traverses a directory specified by path
-// and returns all devices found there.
-func GetDevices(path string) ([]*Device, error) {
- files, err := ioutilReadDir(path)
- if err != nil {
- return nil, err
- }
- var out []*Device
- for _, f := range files {
- switch {
- case f.IsDir():
- switch f.Name() {
- // ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825
- // ".udev" added to address https://github.com/opencontainers/runc/issues/2093
- case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts", ".udev":
- continue
- default:
- sub, err := GetDevices(filepath.Join(path, f.Name()))
- if err != nil {
- return nil, err
- }
-
- out = append(out, sub...)
- continue
- }
- case f.Name() == "console":
- continue
- }
- device, err := DeviceFromPath(filepath.Join(path, f.Name()), "rwm")
- if err != nil {
- if err == ErrNotADevice {
- continue
- }
- if os.IsNotExist(err) {
- continue
- }
- return nil, err
- }
- if device.Type == FifoDevice {
- continue
- }
- out = append(out, device)
- }
- return out, nil
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go b/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go
index 49471960b..4379a2070 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go
@@ -3,12 +3,9 @@
package system
import (
- "os"
"os/exec"
- "sync"
"unsafe"
- "github.com/opencontainers/runc/libcontainer/user"
"golang.org/x/sys/unix"
)
@@ -87,52 +84,6 @@ func Setctty() error {
return nil
}
-var (
- inUserNS bool
- nsOnce sync.Once
-)
-
-// RunningInUserNS detects whether we are currently running in a user namespace.
-// Originally copied from github.com/lxc/lxd/shared/util.go
-func RunningInUserNS() bool {
- nsOnce.Do(func() {
- uidmap, err := user.CurrentProcessUIDMap()
- if err != nil {
- // This kernel-provided file only exists if user namespaces are supported
- return
- }
- inUserNS = UIDMapInUserNS(uidmap)
- })
- return inUserNS
-}
-
-func UIDMapInUserNS(uidmap []user.IDMap) bool {
- /*
- * We assume we are in the initial user namespace if we have a full
- * range - 4294967295 uids starting at uid 0.
- */
- if len(uidmap) == 1 && uidmap[0].ID == 0 && uidmap[0].ParentID == 0 && uidmap[0].Count == 4294967295 {
- return false
- }
- return true
-}
-
-// GetParentNSeuid returns the euid within the parent user namespace
-func GetParentNSeuid() int64 {
- euid := int64(os.Geteuid())
- uidmap, err := user.CurrentProcessUIDMap()
- if err != nil {
- // This kernel-provided file only exists if user namespaces are supported
- return euid
- }
- for _, um := range uidmap {
- if um.ID <= euid && euid <= um.ID+um.Count-1 {
- return um.ParentID + euid - um.ID
- }
- }
- return euid
-}
-
// SetSubreaper sets the value i as the subreaper setting for the calling process
func SetSubreaper(i int) error {
return unix.Prctl(unix.PR_SET_CHILD_SUBREAPER, uintptr(i), 0, 0, 0)
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/system/unsupported.go b/vendor/github.com/opencontainers/runc/libcontainer/system/unsupported.go
deleted file mode 100644
index b94be74a6..000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/system/unsupported.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// +build !linux
-
-package system
-
-import (
- "os"
-
- "github.com/opencontainers/runc/libcontainer/user"
-)
-
-// RunningInUserNS is a stub for non-Linux systems
-// Always returns false
-func RunningInUserNS() bool {
- return false
-}
-
-// UIDMapInUserNS is a stub for non-Linux systems
-// Always returns false
-func UIDMapInUserNS(uidmap []user.IDMap) bool {
- return false
-}
-
-// GetParentNSeuid returns the euid within the parent user namespace
-// Always returns os.Geteuid on non-linux
-func GetParentNSeuid() int {
- return os.Geteuid()
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/system/userns_deprecated.go b/vendor/github.com/opencontainers/runc/libcontainer/system/userns_deprecated.go
new file mode 100644
index 000000000..2de3462a5
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/system/userns_deprecated.go
@@ -0,0 +1,5 @@
+package system
+
+import "github.com/opencontainers/runc/libcontainer/userns"
+
+var RunningInUserNS = userns.RunningInUserNS
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/MAINTAINERS b/vendor/github.com/opencontainers/runc/libcontainer/user/MAINTAINERS
deleted file mode 100644
index edbe20066..000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/user/MAINTAINERS
+++ /dev/null
@@ -1,2 +0,0 @@
-Tianon Gravi <admwiggin@gmail.com> (@tianon)
-Aleksa Sarai <cyphar@cyphar.com> (@cyphar)
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/lookup.go b/vendor/github.com/opencontainers/runc/libcontainer/user/lookup.go
deleted file mode 100644
index 6fd8dd0d4..000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/user/lookup.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package user
-
-import (
- "errors"
-)
-
-var (
- // The current operating system does not provide the required data for user lookups.
- ErrUnsupported = errors.New("user lookup: operating system does not provide passwd-formatted data")
- // No matching entries found in file.
- ErrNoPasswdEntries = errors.New("no matching entries in passwd file")
- ErrNoGroupEntries = errors.New("no matching entries in group file")
-)
-
-// LookupUser looks up a user by their username in /etc/passwd. If the user
-// cannot be found (or there is no /etc/passwd file on the filesystem), then
-// LookupUser returns an error.
-func LookupUser(username string) (User, error) {
- return lookupUser(username)
-}
-
-// LookupUid looks up a user by their user id in /etc/passwd. If the user cannot
-// be found (or there is no /etc/passwd file on the filesystem), then LookupId
-// returns an error.
-func LookupUid(uid int) (User, error) {
- return lookupUid(uid)
-}
-
-// LookupGroup looks up a group by its name in /etc/group. If the group cannot
-// be found (or there is no /etc/group file on the filesystem), then LookupGroup
-// returns an error.
-func LookupGroup(groupname string) (Group, error) {
- return lookupGroup(groupname)
-}
-
-// LookupGid looks up a group by its group id in /etc/group. If the group cannot
-// be found (or there is no /etc/group file on the filesystem), then LookupGid
-// returns an error.
-func LookupGid(gid int) (Group, error) {
- return lookupGid(gid)
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/lookup_unix.go b/vendor/github.com/opencontainers/runc/libcontainer/user/lookup_unix.go
index 92b5ae8de..967717a1b 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/user/lookup_unix.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/user/lookup_unix.go
@@ -16,13 +16,19 @@ const (
unixGroupPath = "/etc/group"
)
-func lookupUser(username string) (User, error) {
+// LookupUser looks up a user by their username in /etc/passwd. If the user
+// cannot be found (or there is no /etc/passwd file on the filesystem), then
+// LookupUser returns an error.
+func LookupUser(username string) (User, error) {
return lookupUserFunc(func(u User) bool {
return u.Name == username
})
}
-func lookupUid(uid int) (User, error) {
+// LookupUid looks up a user by their user id in /etc/passwd. If the user cannot
+// be found (or there is no /etc/passwd file on the filesystem), then LookupId
+// returns an error.
+func LookupUid(uid int) (User, error) {
return lookupUserFunc(func(u User) bool {
return u.Uid == uid
})
@@ -51,13 +57,19 @@ func lookupUserFunc(filter func(u User) bool) (User, error) {
return users[0], nil
}
-func lookupGroup(groupname string) (Group, error) {
+// LookupGroup looks up a group by its name in /etc/group. If the group cannot
+// be found (or there is no /etc/group file on the filesystem), then LookupGroup
+// returns an error.
+func LookupGroup(groupname string) (Group, error) {
return lookupGroupFunc(func(g Group) bool {
return g.Name == groupname
})
}
-func lookupGid(gid int) (Group, error) {
+// LookupGid looks up a group by its group id in /etc/group. If the group cannot
+// be found (or there is no /etc/group file on the filesystem), then LookupGid
+// returns an error.
+func LookupGid(gid int) (Group, error) {
return lookupGroupFunc(func(g Group) bool {
return g.Gid == gid
})
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/lookup_windows.go b/vendor/github.com/opencontainers/runc/libcontainer/user/lookup_windows.go
deleted file mode 100644
index f19333e61..000000000
--- a/vendor/github.com/opencontainers/runc/libcontainer/user/lookup_windows.go
+++ /dev/null
@@ -1,40 +0,0 @@
-// +build windows
-
-package user
-
-import (
- "os/user"
- "strconv"
-)
-
-func lookupUser(username string) (User, error) {
- u, err := user.Lookup(username)
- if err != nil {
- return User{}, err
- }
- return userFromOS(u)
-}
-
-func lookupUid(uid int) (User, error) {
- u, err := user.LookupId(strconv.Itoa(uid))
- if err != nil {
- return User{}, err
- }
- return userFromOS(u)
-}
-
-func lookupGroup(groupname string) (Group, error) {
- g, err := user.LookupGroup(groupname)
- if err != nil {
- return Group{}, err
- }
- return groupFromOS(g)
-}
-
-func lookupGid(gid int) (Group, error) {
- g, err := user.LookupGroupId(strconv.Itoa(gid))
- if err != nil {
- return Group{}, err
- }
- return groupFromOS(g)
-}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go
index a533bf5e6..68da4400d 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go
@@ -2,10 +2,10 @@ package user
import (
"bufio"
+ "errors"
"fmt"
"io"
"os"
- "os/user"
"strconv"
"strings"
)
@@ -16,6 +16,13 @@ const (
)
var (
+ // The current operating system does not provide the required data for user lookups.
+ ErrUnsupported = errors.New("user lookup: operating system does not provide passwd-formatted data")
+
+ // No matching entries found in file.
+ ErrNoPasswdEntries = errors.New("no matching entries in passwd file")
+ ErrNoGroupEntries = errors.New("no matching entries in group file")
+
ErrRange = fmt.Errorf("uids and gids must be in range %d-%d", minId, maxId)
)
@@ -29,28 +36,6 @@ type User struct {
Shell string
}
-// userFromOS converts an os/user.(*User) to local User
-//
-// (This does not include Pass, Shell or Gecos)
-func userFromOS(u *user.User) (User, error) {
- newUser := User{
- Name: u.Username,
- Home: u.HomeDir,
- }
- id, err := strconv.Atoi(u.Uid)
- if err != nil {
- return newUser, err
- }
- newUser.Uid = id
-
- id, err = strconv.Atoi(u.Gid)
- if err != nil {
- return newUser, err
- }
- newUser.Gid = id
- return newUser, nil
-}
-
type Group struct {
Name string
Pass string
@@ -58,23 +43,6 @@ type Group struct {
List []string
}
-// groupFromOS converts an os/user.(*Group) to local Group
-//
-// (This does not include Pass or List)
-func groupFromOS(g *user.Group) (Group, error) {
- newGroup := Group{
- Name: g.Name,
- }
-
- id, err := strconv.Atoi(g.Gid)
- if err != nil {
- return newGroup, err
- }
- newGroup.Gid = id
-
- return newGroup, nil
-}
-
// SubID represents an entry in /etc/sub{u,g}id
type SubID struct {
Name string
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/user_fuzzer.go b/vendor/github.com/opencontainers/runc/libcontainer/user/user_fuzzer.go
new file mode 100644
index 000000000..8c9bb5df3
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/user/user_fuzzer.go
@@ -0,0 +1,42 @@
+// +build gofuzz
+
+package user
+
+import (
+ "io"
+ "strings"
+)
+
+func IsDivisbleBy(n int, divisibleby int) bool {
+ return (n % divisibleby) == 0
+}
+
+func FuzzUser(data []byte) int {
+ if len(data) == 0 {
+ return -1
+ }
+ if !IsDivisbleBy(len(data), 5) {
+ return -1
+ }
+
+ var divided [][]byte
+
+ chunkSize := len(data) / 5
+
+ for i := 0; i < len(data); i += chunkSize {
+ end := i + chunkSize
+
+ divided = append(divided, data[i:end])
+ }
+
+ _, _ = ParsePasswdFilter(strings.NewReader(string(divided[0])), nil)
+
+ var passwd, group io.Reader
+
+ group = strings.NewReader(string(divided[1]))
+ _, _ = GetAdditionalGroups([]string{string(divided[2])}, group)
+
+ passwd = strings.NewReader(string(divided[3]))
+ _, _ = GetExecUser(string(divided[4]), nil, passwd, group)
+ return 1
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/userns/userns.go b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns.go
new file mode 100644
index 000000000..f6cb98e5e
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns.go
@@ -0,0 +1,5 @@
+package userns
+
+// RunningInUserNS detects whether we are currently running in a user namespace.
+// Originally copied from github.com/lxc/lxd/shared/util.go
+var RunningInUserNS = runningInUserNS
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_fuzzer.go b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_fuzzer.go
new file mode 100644
index 000000000..529f8eaea
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_fuzzer.go
@@ -0,0 +1,15 @@
+// +build gofuzz
+
+package userns
+
+import (
+ "strings"
+
+ "github.com/opencontainers/runc/libcontainer/user"
+)
+
+func FuzzUIDMap(data []byte) int {
+ uidmap, _ := user.ParseIDMap(strings.NewReader(string(data)))
+ _ = uidMapInUserNS(uidmap)
+ return 1
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_linux.go
new file mode 100644
index 000000000..724e6df01
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_linux.go
@@ -0,0 +1,37 @@
+package userns
+
+import (
+ "sync"
+
+ "github.com/opencontainers/runc/libcontainer/user"
+)
+
+var (
+ inUserNS bool
+ nsOnce sync.Once
+)
+
+// runningInUserNS detects whether we are currently running in a user namespace.
+// Originally copied from github.com/lxc/lxd/shared/util.go
+func runningInUserNS() bool {
+ nsOnce.Do(func() {
+ uidmap, err := user.CurrentProcessUIDMap()
+ if err != nil {
+ // This kernel-provided file only exists if user namespaces are supported
+ return
+ }
+ inUserNS = uidMapInUserNS(uidmap)
+ })
+ return inUserNS
+}
+
+func uidMapInUserNS(uidmap []user.IDMap) bool {
+ /*
+ * We assume we are in the initial user namespace if we have a full
+ * range - 4294967295 uids starting at uid 0.
+ */
+ if len(uidmap) == 1 && uidmap[0].ID == 0 && uidmap[0].ParentID == 0 && uidmap[0].Count == 4294967295 {
+ return false
+ }
+ return true
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_unsupported.go b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_unsupported.go
new file mode 100644
index 000000000..f45bb0c31
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/userns/userns_unsupported.go
@@ -0,0 +1,17 @@
+// +build !linux
+
+package userns
+
+import "github.com/opencontainers/runc/libcontainer/user"
+
+// runningInUserNS is a stub for non-Linux systems
+// Always returns false
+func runningInUserNS() bool {
+ return false
+}
+
+// uidMapInUserNS is a stub for non-Linux systems
+// Always returns false
+func uidMapInUserNS(uidmap []user.IDMap) bool {
+ return false
+}
diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
index 5fceeb635..6a7a91e55 100644
--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
@@ -598,10 +598,13 @@ type VMImage struct {
// LinuxSeccomp represents syscall restrictions
type LinuxSeccomp struct {
- DefaultAction LinuxSeccompAction `json:"defaultAction"`
- Architectures []Arch `json:"architectures,omitempty"`
- Flags []LinuxSeccompFlag `json:"flags,omitempty"`
- Syscalls []LinuxSyscall `json:"syscalls,omitempty"`
+ DefaultAction LinuxSeccompAction `json:"defaultAction"`
+ DefaultErrnoRet *uint `json:"defaultErrnoRet,omitempty"`
+ Architectures []Arch `json:"architectures,omitempty"`
+ Flags []LinuxSeccompFlag `json:"flags,omitempty"`
+ ListenerPath string `json:"listenerPath,omitempty"`
+ ListenerMetadata string `json:"listenerMetadata,omitempty"`
+ Syscalls []LinuxSyscall `json:"syscalls,omitempty"`
}
// Arch used for additional architectures
@@ -641,11 +644,13 @@ type LinuxSeccompAction string
const (
ActKill LinuxSeccompAction = "SCMP_ACT_KILL"
ActKillProcess LinuxSeccompAction = "SCMP_ACT_KILL_PROCESS"
+ ActKillThread LinuxSeccompAction = "SCMP_ACT_KILL_THREAD"
ActTrap LinuxSeccompAction = "SCMP_ACT_TRAP"
ActErrno LinuxSeccompAction = "SCMP_ACT_ERRNO"
ActTrace LinuxSeccompAction = "SCMP_ACT_TRACE"
ActAllow LinuxSeccompAction = "SCMP_ACT_ALLOW"
ActLog LinuxSeccompAction = "SCMP_ACT_LOG"
+ ActNotify LinuxSeccompAction = "SCMP_ACT_NOTIFY"
)
// LinuxSeccompOperator used to match syscall arguments in Seccomp
diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/state.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/state.go
index e2e64c663..7c010d4fe 100644
--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/state.go
+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/state.go
@@ -5,17 +5,17 @@ type ContainerState string
const (
// StateCreating indicates that the container is being created
- StateCreating ContainerState = "creating"
+ StateCreating ContainerState = "creating"
// StateCreated indicates that the runtime has finished the create operation
- StateCreated ContainerState = "created"
+ StateCreated ContainerState = "created"
// StateRunning indicates that the container process has executed the
// user-specified program but has not exited
- StateRunning ContainerState = "running"
+ StateRunning ContainerState = "running"
// StateStopped indicates that the container process has exited
- StateStopped ContainerState = "stopped"
+ StateStopped ContainerState = "stopped"
)
// State holds information about the runtime state of the container.
@@ -33,3 +33,24 @@ type State struct {
// Annotations are key values associated with the container.
Annotations map[string]string `json:"annotations,omitempty"`
}
+
+const (
+ // SeccompFdName is the name of the seccomp notify file descriptor.
+ SeccompFdName string = "seccompFd"
+)
+
+// ContainerProcessState holds information about the state of a container process.
+type ContainerProcessState struct {
+ // Version is the version of the specification that is supported.
+ Version string `json:"ociVersion"`
+ // Fds is a string array containing the names of the file descriptors passed.
+ // The index of the name in this array corresponds to index of the file
+ // descriptor in the `SCM_RIGHTS` array.
+ Fds []string `json:"fds"`
+ // Pid is the process ID as seen by the runtime.
+ Pid int `json:"pid"`
+ // Opaque metadata.
+ Metadata string `json:"metadata,omitempty"`
+ // State of the container.
+ State State `json:"state"`
+}
diff --git a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
index 6b4027b33..db9171c2e 100644
--- a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
+++ b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build gc
// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
index cfc08c979..c61f95a05 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_arm64.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build gc
// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.s b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
index 964946df9..96f81e209 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_s390x.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build gc
// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.s b/vendor/golang.org/x/sys/cpu/cpu_x86.s
index 2f557a588..39acab2ff 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.s
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build (386 || amd64 || amd64p32) && gc
// +build 386 amd64 amd64p32
// +build gc
diff --git a/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
index 6b4027b33..db9171c2e 100644
--- a/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
+++ b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build gc
// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_386.s b/vendor/golang.org/x/sys/unix/asm_linux_386.s
index 0655ecbfb..8fd101d07 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_386.s
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build gc
// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
index bc3fb6ac3..7ed38e43c 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build gc
// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm.s b/vendor/golang.org/x/sys/unix/asm_linux_arm.s
index 55b13c7ba..8ef1d5140 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_arm.s
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build gc
// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
index 22a83d8e3..98ae02760 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build linux && arm64 && gc
// +build linux
// +build arm64
// +build gc
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
index dc222b90c..21231d2ce 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build linux && (mips64 || mips64le) && gc
// +build linux
// +build mips64 mips64le
// +build gc
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
index d333f13cf..6783b26c6 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build linux && (mips || mipsle) && gc
// +build linux
// +build mips mipsle
// +build gc
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
index 459a629c2..19d498934 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build linux && (ppc64 || ppc64le) && gc
// +build linux
// +build ppc64 ppc64le
// +build gc
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
index 04d38497c..e42eb81d5 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
@@ -2,7 +2,9 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build riscv64,gc
+//go:build riscv64 && gc
+// +build riscv64
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
index cc303989e..c46aab339 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
@@ -2,8 +2,9 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build s390x
+//go:build linux && s390x && gc
// +build linux
+// +build s390x
// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
index 47c93fcb6..5e7a1169c 100644
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
+++ b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build gc
// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
index 1f2c755a7..f8c5394c1 100644
--- a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build gc
// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/syscall_illumos.go b/vendor/golang.org/x/sys/unix/syscall_illumos.go
index c5c58806c..8c5357683 100644
--- a/vendor/golang.org/x/sys/unix/syscall_illumos.go
+++ b/vendor/golang.org/x/sys/unix/syscall_illumos.go
@@ -1,4 +1,4 @@
-// Copyright 2009 The Go Authors. All rights reserved.
+// Copyright 2021 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
@@ -10,6 +10,8 @@
package unix
import (
+ "fmt"
+ "runtime"
"unsafe"
)
@@ -127,3 +129,50 @@ func Getmsg(fd int, cl []byte, data []byte) (retCl []byte, retData []byte, flags
}
return retCl, retData, flags, nil
}
+
+func IoctlSetIntRetInt(fd int, req uint, arg int) (int, error) {
+ return ioctlRet(fd, req, uintptr(arg))
+}
+
+func IoctlSetString(fd int, req uint, val string) error {
+ bs := make([]byte, len(val)+1)
+ copy(bs[:len(bs)-1], val)
+ err := ioctl(fd, req, uintptr(unsafe.Pointer(&bs[0])))
+ runtime.KeepAlive(&bs[0])
+ return err
+}
+
+// Lifreq Helpers
+
+func (l *Lifreq) SetName(name string) error {
+ if len(name) >= len(l.Name) {
+ return fmt.Errorf("name cannot be more than %d characters", len(l.Name)-1)
+ }
+ for i := range name {
+ l.Name[i] = int8(name[i])
+ }
+ return nil
+}
+
+func (l *Lifreq) SetLifruInt(d int) {
+ *(*int)(unsafe.Pointer(&l.Lifru[0])) = d
+}
+
+func (l *Lifreq) GetLifruInt() int {
+ return *(*int)(unsafe.Pointer(&l.Lifru[0]))
+}
+
+func IoctlLifreq(fd int, req uint, l *Lifreq) error {
+ return ioctl(fd, req, uintptr(unsafe.Pointer(l)))
+}
+
+// Strioctl Helpers
+
+func (s *Strioctl) SetInt(i int) {
+ s.Len = int32(unsafe.Sizeof(i))
+ s.Dp = (*int8)(unsafe.Pointer(&i))
+}
+
+func IoctlSetStrioctlRetInt(fd int, req uint, s *Strioctl) (int, error) {
+ return ioctlRet(fd, req, uintptr(unsafe.Pointer(s)))
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index 4263953be..2dd7c8e34 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -1151,7 +1151,11 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
func Accept(fd int) (nfd int, sa Sockaddr, err error) {
var rsa RawSockaddrAny
var len _Socklen = SizeofSockaddrAny
- nfd, err = accept(fd, &rsa, &len)
+ // Try accept4 first for Android, then try accept for kernel older than 2.6.28
+ nfd, err = accept4(fd, &rsa, &len, 0)
+ if err == ENOSYS {
+ nfd, err = accept(fd, &rsa, &len)
+ }
if err != nil {
return
}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index 35de419c6..47572aaa6 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -166,13 +166,16 @@ const (
BPF_ALU64 = 0x7
BPF_AND = 0x50
BPF_ARSH = 0xc0
+ BPF_ATOMIC = 0xc0
BPF_B = 0x10
BPF_BUILD_ID_SIZE = 0x14
BPF_CALL = 0x80
+ BPF_CMPXCHG = 0xf1
BPF_DIV = 0x30
BPF_DW = 0x18
BPF_END = 0xd0
BPF_EXIT = 0x90
+ BPF_FETCH = 0x1
BPF_FROM_BE = 0x8
BPF_FROM_LE = 0x0
BPF_FS_MAGIC = 0xcafe4a11
@@ -240,6 +243,7 @@ const (
BPF_W = 0x0
BPF_X = 0x8
BPF_XADD = 0xc0
+ BPF_XCHG = 0xe1
BPF_XOR = 0xa0
BRKINT = 0x2
BS0 = 0x0
@@ -490,9 +494,9 @@ const (
DM_UUID_FLAG = 0x4000
DM_UUID_LEN = 0x81
DM_VERSION = 0xc138fd00
- DM_VERSION_EXTRA = "-ioctl (2020-10-01)"
+ DM_VERSION_EXTRA = "-ioctl (2021-02-01)"
DM_VERSION_MAJOR = 0x4
- DM_VERSION_MINOR = 0x2b
+ DM_VERSION_MINOR = 0x2c
DM_VERSION_PATCHLEVEL = 0x0
DT_BLK = 0x6
DT_CHR = 0x2
@@ -860,6 +864,7 @@ const (
FS_IOC_GET_ENCRYPTION_KEY_STATUS = 0xc080661a
FS_IOC_GET_ENCRYPTION_POLICY_EX = 0xc0096616
FS_IOC_MEASURE_VERITY = 0xc0046686
+ FS_IOC_READ_VERITY_METADATA = 0xc0286687
FS_IOC_REMOVE_ENCRYPTION_KEY = 0xc0406618
FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS = 0xc0406619
FS_KEY_DESCRIPTOR_SIZE = 0x8
@@ -875,6 +880,9 @@ const (
FS_VERITY_FL = 0x100000
FS_VERITY_HASH_ALG_SHA256 = 0x1
FS_VERITY_HASH_ALG_SHA512 = 0x2
+ FS_VERITY_METADATA_TYPE_DESCRIPTOR = 0x2
+ FS_VERITY_METADATA_TYPE_MERKLE_TREE = 0x1
+ FS_VERITY_METADATA_TYPE_SIGNATURE = 0x3
FUTEXFS_SUPER_MAGIC = 0xbad1dea
F_ADD_SEALS = 0x409
F_DUPFD = 0x0
@@ -1673,6 +1681,10 @@ const (
PERF_FLAG_PID_CGROUP = 0x4
PERF_MAX_CONTEXTS_PER_STACK = 0x8
PERF_MAX_STACK_DEPTH = 0x7f
+ PERF_MEM_BLK_ADDR = 0x4
+ PERF_MEM_BLK_DATA = 0x2
+ PERF_MEM_BLK_NA = 0x1
+ PERF_MEM_BLK_SHIFT = 0x28
PERF_MEM_LOCK_LOCKED = 0x2
PERF_MEM_LOCK_NA = 0x1
PERF_MEM_LOCK_SHIFT = 0x18
@@ -1736,12 +1748,14 @@ const (
PERF_RECORD_MISC_GUEST_USER = 0x5
PERF_RECORD_MISC_HYPERVISOR = 0x3
PERF_RECORD_MISC_KERNEL = 0x1
+ PERF_RECORD_MISC_MMAP_BUILD_ID = 0x4000
PERF_RECORD_MISC_MMAP_DATA = 0x2000
PERF_RECORD_MISC_PROC_MAP_PARSE_TIMEOUT = 0x1000
PERF_RECORD_MISC_SWITCH_OUT = 0x2000
PERF_RECORD_MISC_SWITCH_OUT_PREEMPT = 0x4000
PERF_RECORD_MISC_USER = 0x2
PERF_SAMPLE_BRANCH_PLM_ALL = 0x7
+ PERF_SAMPLE_WEIGHT_TYPE = 0x1004000
PIPEFS_MAGIC = 0x50495045
PPC_CMM_MAGIC = 0xc7571590
PPPIOCGNPMODE = 0xc008744c
@@ -1995,6 +2009,10 @@ const (
RTCF_NAT = 0x800000
RTCF_VALVE = 0x200000
RTC_AF = 0x20
+ RTC_FEATURE_ALARM = 0x0
+ RTC_FEATURE_ALARM_RES_MINUTE = 0x1
+ RTC_FEATURE_CNT = 0x3
+ RTC_FEATURE_NEED_WEEK_DAY = 0x2
RTC_IRQF = 0x80
RTC_MAX_FREQ = 0x2000
RTC_PF = 0x40
@@ -2068,6 +2086,7 @@ const (
RTM_F_LOOKUP_TABLE = 0x1000
RTM_F_NOTIFY = 0x100
RTM_F_OFFLOAD = 0x4000
+ RTM_F_OFFLOAD_FAILED = 0x20000000
RTM_F_PREFIX = 0x800
RTM_F_TRAP = 0x8000
RTM_GETACTION = 0x32
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index a508392d2..6d30e6fd8 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -212,6 +212,8 @@ const (
PTRACE_POKE_SYSTEM_CALL = 0x5008
PTRACE_PROT = 0x15
PTRACE_SINGLEBLOCK = 0xc
+ PTRACE_SYSEMU = 0x1f
+ PTRACE_SYSEMU_SINGLESTEP = 0x20
PTRACE_TE_ABORT_RAND = 0x5011
PT_ACR0 = 0x90
PT_ACR1 = 0x94
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_13.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_13.s
index 00da1ebfc..1c73a1921 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_13.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_13.s
@@ -1,6 +1,7 @@
// go run mkasm_darwin.go 386
// Code generated by the command above; DO NOT EDIT.
+//go:build go1.13
// +build go1.13
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.s
index 1c53979a1..8cc7928d9 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_386.s
@@ -1,6 +1,7 @@
// go run mkasm_darwin.go 386
// Code generated by the command above; DO NOT EDIT.
+//go:build go1.12
// +build go1.12
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s
index d671e8311..ab59833fc 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s
@@ -1,6 +1,7 @@
// go run mkasm_darwin.go amd64
// Code generated by the command above; DO NOT EDIT.
+//go:build go1.13
// +build go1.13
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
index c77bd6e20..b8f316e67 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
@@ -1,6 +1,7 @@
// go run mkasm_darwin.go amd64
// Code generated by the command above; DO NOT EDIT.
+//go:build go1.12
// +build go1.12
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.1_13.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.1_13.s
index 488e55707..0cc80ad87 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.1_13.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.1_13.s
@@ -1,6 +1,7 @@
// go run mkasm_darwin.go arm
// Code generated by the command above; DO NOT EDIT.
+//go:build go1.13
// +build go1.13
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.s
index 5eec5f1d9..a99f9c111 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.s
@@ -1,6 +1,7 @@
// go run mkasm_darwin.go arm
// Code generated by the command above; DO NOT EDIT.
+//go:build go1.12
// +build go1.12
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s
index b29dabb0f..a5f96ffb0 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s
@@ -1,6 +1,7 @@
// go run mkasm_darwin.go arm64
// Code generated by the command above; DO NOT EDIT.
+//go:build go1.13
// +build go1.13
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
index 53c402bf6..e30a69740 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
@@ -1,6 +1,7 @@
// go run mkasm_darwin.go arm64
// Code generated by the command above; DO NOT EDIT.
+//go:build go1.12
// +build go1.12
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
index 8e5359713..fbc59b7fd 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
@@ -438,4 +438,5 @@ const (
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
+ SYS_MOUNT_SETATTR = 442
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
index d7dceb769..04d16d771 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -360,4 +360,5 @@ const (
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
+ SYS_MOUNT_SETATTR = 442
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
index 04093a69f..3b1c10513 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
@@ -402,4 +402,5 @@ const (
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
+ SYS_MOUNT_SETATTR = 442
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
index 48f94f135..3198adcf7 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -305,4 +305,5 @@ const (
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
+ SYS_MOUNT_SETATTR = 442
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
index 499978c3e..c877ec6e6 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
@@ -423,4 +423,5 @@ const (
SYS_FACCESSAT2 = 4439
SYS_PROCESS_MADVISE = 4440
SYS_EPOLL_PWAIT2 = 4441
+ SYS_MOUNT_SETATTR = 4442
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
index 10d1db2be..b5f290372 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
@@ -353,4 +353,5 @@ const (
SYS_FACCESSAT2 = 5439
SYS_PROCESS_MADVISE = 5440
SYS_EPOLL_PWAIT2 = 5441
+ SYS_MOUNT_SETATTR = 5442
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
index 208d5dcd5..46077689a 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
@@ -353,4 +353,5 @@ const (
SYS_FACCESSAT2 = 5439
SYS_PROCESS_MADVISE = 5440
SYS_EPOLL_PWAIT2 = 5441
+ SYS_MOUNT_SETATTR = 5442
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
index f8250602e..80e6696b3 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
@@ -423,4 +423,5 @@ const (
SYS_FACCESSAT2 = 4439
SYS_PROCESS_MADVISE = 4440
SYS_EPOLL_PWAIT2 = 4441
+ SYS_MOUNT_SETATTR = 4442
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
index 7693656a6..b9d697ffb 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
@@ -430,4 +430,5 @@ const (
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
+ SYS_MOUNT_SETATTR = 442
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
index d5ed3ff51..08edc54d3 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
@@ -402,4 +402,5 @@ const (
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
+ SYS_MOUNT_SETATTR = 442
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
index e29b4424c..33b33b083 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
@@ -402,4 +402,5 @@ const (
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
+ SYS_MOUNT_SETATTR = 442
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
index 41deed6c3..66c8a8e09 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -304,4 +304,5 @@ const (
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
+ SYS_MOUNT_SETATTR = 442
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
index 8e53a9e8c..aea5760ce 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
@@ -367,4 +367,5 @@ const (
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
+ SYS_MOUNT_SETATTR = 442
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
index 596e5bc7d..488ca848d 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
@@ -381,4 +381,5 @@ const (
SYS_FACCESSAT2 = 439
SYS_PROCESS_MADVISE = 440
SYS_EPOLL_PWAIT2 = 441
+ SYS_MOUNT_SETATTR = 442
)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_illumos_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_illumos_amd64.go
index 1137a5a1f..236f37ef6 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_illumos_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_illumos_amd64.go
@@ -25,14 +25,14 @@ type strbuf struct {
Buf *int8
}
-type strioctl struct {
+type Strioctl struct {
Cmd int32
Timout int32
Len int32
Dp *int8
}
-type lifreq struct {
+type Lifreq struct {
Name [32]int8
Lifru1 [4]byte
Type uint32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 3bfc6f732..087323591 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -1016,7 +1016,10 @@ const (
PERF_SAMPLE_PHYS_ADDR = 0x80000
PERF_SAMPLE_AUX = 0x100000
PERF_SAMPLE_CGROUP = 0x200000
- PERF_SAMPLE_MAX = 0x1000000
+ PERF_SAMPLE_DATA_PAGE_SIZE = 0x400000
+ PERF_SAMPLE_CODE_PAGE_SIZE = 0x800000
+ PERF_SAMPLE_WEIGHT_STRUCT = 0x1000000
+ PERF_SAMPLE_MAX = 0x2000000
PERF_SAMPLE_BRANCH_USER_SHIFT = 0x0
PERF_SAMPLE_BRANCH_KERNEL_SHIFT = 0x1
PERF_SAMPLE_BRANCH_HV_SHIFT = 0x2
@@ -3126,7 +3129,8 @@ const (
DEVLINK_ATTR_REMOTE_RELOAD_STATS = 0xa1
DEVLINK_ATTR_RELOAD_ACTION_INFO = 0xa2
DEVLINK_ATTR_RELOAD_ACTION_STATS = 0xa3
- DEVLINK_ATTR_MAX = 0xa3
+ DEVLINK_ATTR_PORT_PCI_SF_NUMBER = 0xa4
+ DEVLINK_ATTR_MAX = 0xa4
DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE = 0x0
DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX = 0x1
DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT = 0x0
@@ -3140,7 +3144,9 @@ const (
DEVLINK_RESOURCE_UNIT_ENTRY = 0x0
DEVLINK_PORT_FUNCTION_ATTR_UNSPEC = 0x0
DEVLINK_PORT_FUNCTION_ATTR_HW_ADDR = 0x1
- DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x1
+ DEVLINK_PORT_FN_ATTR_STATE = 0x2
+ DEVLINK_PORT_FN_ATTR_OPSTATE = 0x3
+ DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x3
)
type FsverityDigest struct {
@@ -3509,7 +3515,8 @@ const (
ETHTOOL_A_LINKMODES_DUPLEX = 0x6
ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG = 0x7
ETHTOOL_A_LINKMODES_MASTER_SLAVE_STATE = 0x8
- ETHTOOL_A_LINKMODES_MAX = 0x8
+ ETHTOOL_A_LINKMODES_LANES = 0x9
+ ETHTOOL_A_LINKMODES_MAX = 0x9
ETHTOOL_A_LINKSTATE_UNSPEC = 0x0
ETHTOOL_A_LINKSTATE_HEADER = 0x1
ETHTOOL_A_LINKSTATE_LINK = 0x2
diff --git a/vendor/modules.txt b/vendor/modules.txt
index af0043642..a494d2fbe 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -494,7 +494,7 @@ github.com/opencontainers/go-digest
# github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6
github.com/opencontainers/image-spec/specs-go
github.com/opencontainers/image-spec/specs-go/v1
-# github.com/opencontainers/runc v1.0.0-rc93
+# github.com/opencontainers/runc v1.0.0-rc94
github.com/opencontainers/runc/libcontainer/apparmor
github.com/opencontainers/runc/libcontainer/cgroups
github.com/opencontainers/runc/libcontainer/cgroups/fscommon
@@ -502,8 +502,9 @@ github.com/opencontainers/runc/libcontainer/configs
github.com/opencontainers/runc/libcontainer/devices
github.com/opencontainers/runc/libcontainer/system
github.com/opencontainers/runc/libcontainer/user
+github.com/opencontainers/runc/libcontainer/userns
github.com/opencontainers/runc/libcontainer/utils
-# github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d
+# github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
github.com/opencontainers/runtime-spec/specs-go
# github.com/opencontainers/runtime-tools v0.9.0
github.com/opencontainers/runtime-tools/error
@@ -658,7 +659,7 @@ golang.org/x/net/proxy
golang.org/x/net/trace
# golang.org/x/sync v0.0.0-20201207232520-09787c993a3a
golang.org/x/sync/semaphore
-# golang.org/x/sys v0.0.0-20210423082822-04245dca01da
+# golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
golang.org/x/sys/cpu
golang.org/x/sys/execabs
golang.org/x/sys/internal/unsafeheader